Dark Reading

AI-Assisted Supply Chain Attack Targets GitHub

PRT-scan is the second campaign in recent months where a threat actor has leveraged AI for automated targeting of a ...
The Hacker News

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI revoked its macOS signing certificate after a malicious Axios dependency incident on March 31, 2026, preventing ...
Dark Reading

Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain

Factory 2.0 deepens security with new AI tools, Actions, and Skills to continuously reconcile open-source artifacts across ...

Cisco source code stolen in Trivy-linked dev environment breach

Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to ...
SecurityWeek

Axios NPM Package Breached in North Korean Supply Chain Attack

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.

Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...
Crypto Briefing

Whale.io launches the first AI agent MCP for crypto casino

Whale.io has never been short on ideas for what a crypto casino could be. Today, it’s adding another one to the list. The ...
SecurityWeek

TeamPCP Moves From OSS to AWS Environments

The TeamPCP hacking group has been using credentials stolen in the recent OSS campaign to enumerate and compromise AWS ...
CPO Magazine

Taking Stock of the Anthropic Source Code Leak: AI Agent Compromise Signals Security Issues, “Claude Copies” Ahead of Massive IPO

While Anthropic has attempted to contain the leak damage with takedown requests, the AI agent's code unsurprisingly spread ...

The end of 'shadow AI' at enterprises? Kilo launches KiloClaw for Organizations to enable secure AI agents at scale

In Kilo’s vision, every employee eventually carries two identities—their standard human account and a corresponding bot ...
The Hacker News

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply ...

Claude, OpenClaw and the new reality: AI agents are here — and so is the chaos

More recently, fears of reaching artificial general intelligence (AGI) have become more real with the advent of powerful ...